"Secured OS" and "good firewall" are OK, if there isn't a backdoor à la
what the CIA got the Swiss crypto company to provide after WWII. If you're
trusting software to keep you out of jail, you need to be working from source,
and to have read key parts.
But the other guy who said it would be visible on the wire is 95% right;
you can hide low-bandwidth flows fairly well, but hardly anyone has the
patience. Of course, few people have time to watch their wire either.
I'm the architect of NetIntercept - it's a passive network traffic analysis
tool with sophisticated stream reassembly, heuristic ID, correlation and
search capabilities that go way beyond Ethereal or other fundamentally
packet-based analyzers. More like what people used to put X-NSA-Fodder:
headers in their e-mail to tweak. This kind of viral/agent-like thing is
not in our line.
However, "Sandstorm" is our trademark, and I will be looking into the
matter further. And if I ever see an executable with these characteristics passing by
on something I'm monitoring, I'll let you folks know what I find in it.
jbvb